A Study of Existing Cross-Site Scripting Detection and Prevention Techniques Using XAMPP and VirtualBox

Virginia journal of science Pub Date : 2019-01-01 DOI:10.25778/bx6k-2285

Jalen Mack, Y. Hu, M. Hoppa

{"title":"A Study of Existing Cross-Site Scripting Detection and Prevention Techniques Using XAMPP and VirtualBox","authors":"Jalen Mack, Y. Hu, M. Hoppa","doi":"10.25778/bx6k-2285","DOIUrl":null,"url":null,"abstract":"Most operating websites experience a cyber-attack at some point. Cross-site Scripting (XSS) attacks are cited as the top website risk. More than 60 percent of web applications are vulnerable to them, and they ultimately are responsible for over 30 percent of all web application attacks. XSS attacks are complicated, and they often are used in conjunction with social engineering techniques to cause even more damage. Although prevention techniques exist, hackers still find points of vulnerability to launch their attacks. This project explored what XSS attacks are, examples of popular attacks, and ways to detect and prevent them. Using knowledge gained and lessons-learned from analyzing prior XSS incidents, a simulation environment was built using XAMPP and VirtualBox. Four typical XSS attacks were launched in this virtual environment, and their potential to cause significant damage was measured and compared using the Common Vulnerability Scoring System (CVSS) Calculator. Recommendations are offered for approaches to impeding XSS attacks including solutions involving sanitizing data, whitelisting data, implementing a content security policy and statistical analysis tools.","PeriodicalId":23516,"journal":{"name":"Virginia journal of science","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2019-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Virginia journal of science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.25778/bx6k-2285","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Most operating websites experience a cyber-attack at some point. Cross-site Scripting (XSS) attacks are cited as the top website risk. More than 60 percent of web applications are vulnerable to them, and they ultimately are responsible for over 30 percent of all web application attacks. XSS attacks are complicated, and they often are used in conjunction with social engineering techniques to cause even more damage. Although prevention techniques exist, hackers still find points of vulnerability to launch their attacks. This project explored what XSS attacks are, examples of popular attacks, and ways to detect and prevent them. Using knowledge gained and lessons-learned from analyzing prior XSS incidents, a simulation environment was built using XAMPP and VirtualBox. Four typical XSS attacks were launched in this virtual environment, and their potential to cause significant damage was measured and compared using the Common Vulnerability Scoring System (CVSS) Calculator. Recommendations are offered for approaches to impeding XSS attacks including solutions involving sanitizing data, whitelisting data, implementing a content security policy and statistical analysis tools.

查看原文本刊更多论文

基于XAMPP和VirtualBox的现有跨站点脚本检测和预防技术研究

大多数运营中的网站在某些时候都经历过网络攻击。跨站点脚本(XSS)攻击被认为是最大的网站风险。超过60%的web应用程序容易受到它们的攻击，并且它们最终导致了超过30%的web应用程序攻击。XSS攻击很复杂，它们经常与社会工程技术结合使用，造成更大的破坏。尽管存在预防技术，黑客仍然会找到漏洞点发动攻击。本项目探讨了什么是XSS攻击、常见攻击的示例以及检测和预防它们的方法。利用从分析以前的XSS事件中获得的知识和经验教训，使用XAMPP和VirtualBox构建了一个模拟环境。在这个虚拟环境中发起了四种典型的XSS攻击，并使用通用漏洞评分系统(CVSS)计算器对其造成重大损害的可能性进行了测量和比较。本文为阻止XSS攻击的方法提供了建议，包括涉及数据清理、白名单数据、实现内容安全策略和统计分析工具的解决方案。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Virginia journal of science

自引率

0.00%

发文量